CN106790397B - Data service characteristic identification system and method - Google Patents

Publication number
CN106790397B
Authority
CN
China
Prior art keywords
service
data
business
model
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201611062906.1A
Other languages
Chinese (zh)
Other versions
CN106790397A (en)
Inventor
孙赫
王夷
李永平
冯龙龙
刘小瑞
刘磊
张凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xinjiang Sailing Information Technology Co ltd
Original Assignee
Xinjiang Sailing Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xinjiang Sailing Information Technology Co ltd filed Critical Xinjiang Sailing Information Technology Co ltd
Priority to CN201611062906.1A priority Critical patent/CN106790397B/en
Publication of CN106790397A publication Critical patent/CN106790397A/en
Application granted granted Critical
Publication of CN106790397B publication Critical patent/CN106790397B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a system and a method for identifying the business characteristics of data, wherein the system comprises a protocol stripping module and a rule flow and process simulation module; the protocol stripping module is used for stripping the network protocol from the service data through a standard audit data structure defined in the protocol stripping module; the rule flow and process simulation module is used for splitting, based on the service data from which the network protocol has been stripped, the service data of different service flows into service nodes as basic units through service splitting and service combining, and then forming service clusters from the service nodes, wherein the service clusters form service flows. The invention can realize the differentiation of network protocols and realize business audit facing the whole industry.

Description

Data service characteristic identification system and method
Technical Field
The invention relates to the technical field of information, in particular to a system and a method for identifying service characteristics of data.
Background
With the rapid development of the internet and the electronic information industry, more and more enterprises, organizations and individuals adopt information systems and tools to improve their production, management and sales capabilities and to obtain more information with which to reform their mechanisms, but information security problems have followed. Most current security products mainly perform security management and monitoring of networks and systems, and cannot effectively supervise and control business information systems and tools, so many information security risks remain hidden in the environment. Illegal cases arising from information security risks are commonplace, and new kinds of cases keep emerging.
In recent years, in order to reduce and eliminate security incidents more effectively, national governments, enterprises and public institutions have placed more and more emphasis on awareness of information security prevention, and have introduced corresponding new policies and measures. To adapt to and benefit from the changing policy environment, new information security products keep emerging and occupy local markets. However, beyond network and system information security, these products have an extremely limited supervisory effect on business information systems and tools; the reason is that business security products focus on the business information systems and tools of enterprises and organizations, and the related technologies of such products are not yet mature.
Disclosure of Invention
The invention aims to provide a data service feature identification system and a data service feature identification method, which can realize the differentiation of network protocols and realize service audit facing the whole industry.
In order to achieve the technical purpose, the technical scheme of the invention is realized as follows:
a data service characteristic identification system comprises a protocol stripping module and a rule flow and process simulation module;
the protocol stripping module is used for stripping the network protocol from the service data through a standard audit data structure defined in the protocol stripping module;
the rule flow and process simulation module is used for splitting, based on the service data from which the network protocol has been stripped, the service data of different service flows into service nodes as basic units through service splitting and service combining, and then forming service clusters from the service nodes, wherein the service clusters form service flows.
Furthermore, the rule flow and process simulation module realizes the splitting and the combination of the service through a service snapshot analysis modeling module and a service instantiation module thereon, wherein the service snapshot analysis modeling module comprises a service snapshot module, a service analysis module, a model establishment module and a model verification module;
the service snapshot module is used for capturing the starting behavior and the ending behavior of the service operation action and storing the data message and the screenshot in the capturing process;
the business analysis module is used for identifying the data of the business operation based on the business snapshot, analyzing the position and the characteristics of the business data related to the business operation and converting the position and the characteristics into business rules;
the model building module is used for outputting the set of defined business rules and the attributes of the business itself as a model file, in a uniform structure and a persistent manner;
the model verification module is used for verifying the model against a local snapshot, including comparing service attributes, data and related information, to preliminarily verify the correctness of the model; if the verification result is correct, the instantiation operation of the service is carried out, and if it is incorrect, the analysis of the service, the establishment of the service model and the verification of the model are carried out again;
the service instantiation module is used for loading the service model into the underlying data engine, locating the service operations of interest by means of the service model as actual service data messages pass through the underlying engine, extracting the required data from the actual service data messages according to the service data and attribute definitions in the model, and finally packaging the data into an object.
Further, the business model includes a business operation name, a user identifier, business operation data, and a process association rule.
Further, the service instantiation object structure comprises service attributes, user data, service data and auditing results.
A method for identifying service characteristics of data comprises the following steps:
1) the network protocol in the service data is stripped through a defined standard audit data structure;
2) based on the service data from which the network protocol has been stripped, the service data of different service flows are split into service nodes as basic units through service splitting and service combining, then the service nodes form a service cluster, and the service cluster forms a service flow.
Further, the step 2) comprises the following steps:
2.1) service snapshot: capturing the starting and ending behaviors of the business operation action, and storing the data message and the screenshot in the capturing process;
2.2) service analysis: based on the service snapshot, identifying the data of the service operation, analyzing the position and the characteristics of the service data related to the service operation, and converting the position and the characteristics into service rules;
2.3) establishing a model: the set of defined business rules and the attributes of the business itself is output as a model file, in a uniform structure and a persistent manner;
2.4) model verification: the model is verified against the local snapshot, including comparing the service attributes, the data and the related information, to preliminarily verify the correctness of the model; if the verification result is correct, the following step is performed, and if it is incorrect, steps 2.2) to 2.4) are performed again;
2.5) service instantiation: the service model is loaded into the underlying data engine; as actual service data messages pass through the underlying engine, the service model is used to locate the service operations of interest, the required data is extracted from the actual service data messages according to the service data and attribute definitions in the model, and the data is finally packaged into an object.
Further, the business model includes a business operation name, a user identifier, business operation data, and a process association rule.
Further, the service instantiation object structure comprises service attributes, user data, service data and auditing results.
The invention has the beneficial effects that:
1. business audit facing the whole industry is realized: the service characteristic identification technology of data can audit effectively regardless of industry category and industry characteristics;
2. the differentiation of network protocols is realized: although different network protocols have different data formats, the service characteristic identification technology of data is compatible with any network protocol;
3. the auditing difficulty caused by service association and data association in integrated industrial systems is solved: the service instantiation object in the service characteristic identification technology of data associates the service content and the data with that object, which realizes security auditing of highly integrated industrial information systems.
Drawings
FIG. 1 is a schematic block diagram of a system according to an embodiment of the invention;
FIG. 2 is a flow chart of a method according to an embodiment of the invention;
FIG. 3 is a schematic diagram of a protocol stripping flow according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a business process according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a business model building process according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a business model according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in FIG. 1, a system for identifying service characteristics of data according to an embodiment of the present invention includes a protocol stripping module and a rule flow and process simulation module.
As shown in FIG. 3, the protocol stripping module is configured to strip the network protocol from the service data through a standard audit data structure defined therein. The product's subsequent services are performed on this standardized service data without regard to the network protocol itself, so that the product services and the network protocol are effectively decoupled.
As shown in FIG. 4, the rule flow and process simulation module is configured to split, based on the service data from which the network protocol has been stripped, the service data of different service flows into service nodes as basic units through service splitting and service combining, and then form service clusters from the service nodes, where the service clusters form service flows. Splitting and combining yield business processes that the security product can audit, which enables auditing of different business systems.
In the foregoing embodiment, further, as shown in fig. 1, the rule flow and process simulation module implements splitting and combining of services through a service snapshot analysis modeling module and a service instantiation module thereon, where the service snapshot analysis modeling module includes a service snapshot module, a service analysis module, a model establishment module, and a model verification module;
the service snapshot module is used for capturing the starting behavior and the ending behavior of the service operation action and storing the data message and the screenshot in the capturing process;
the business analysis module is used for identifying the data of the business operation based on the business snapshot, analyzing the position and the characteristics of the business data related to the business operation and converting the position and the characteristics into business rules;
the model building module is used for outputting the set of defined business rules and the attributes of the business itself as a model file, in a uniform structure and a persistent manner;
the model verification module is used for verifying the model against a local snapshot, including comparing service attributes, data and related information, to preliminarily verify the correctness of the model; if the verification result is correct, the instantiation operation of the service is carried out, and if it is incorrect, the analysis of the service, the establishment of the service model and the verification of the model are carried out again;
the service instantiation module is used for loading the service model into the underlying data engine, locating the service operations of interest by means of the service model as actual service data messages pass through the underlying engine, extracting the required data from the actual service data messages according to the service data and attribute definitions in the model, and finally packaging the data into an object.
In the above embodiment, the business model includes a business operation name, a user identifier, business operation data, and a process association rule.
In the above embodiment, as shown in FIG. 6, the service model is composed of a service flow with its attributes, a rule flow with its attributes, user operation characteristics with their attributes, and service operation data; this structure supports the rule flow and process simulation technique. The service instantiation object is an instantiated service object: the network data generated by a client's service operations is instantiated by the system. It can be a single business operation, a complex business process, or an integration of processes across multiple business systems. The service instantiation object comprises service attributes, user data, service data and an auditing result, and can support higher-level auditing applications at the upper layer.
As shown in fig. 2, the present invention also discloses a method for identifying data service characteristics, which comprises the following steps:
1) the network protocol in the service data is stripped through a defined standard audit data structure;
2) based on the service data from which the network protocol has been stripped, the service data of different service flows are split into service nodes as basic units through service splitting and service combining, then the service nodes form a service cluster, and the service cluster forms a service flow.
Further, as shown in fig. 5, step 2) includes the following steps:
2.1) service snapshot: capturing the starting and ending behaviors of the business operation action, and storing the data message and the screenshot in the capturing process, wherein the business snapshot is the basis for later business analysis and model establishment;
2.2) service analysis: based on the service snapshot, identifying the data of the service operation, analyzing the position and the characteristics of the service data related to the service operation, and converting the position and the characteristics into service rules;
2.3) establishing a model: the set of defined business rules and the attributes of the business itself is output as a model file, in a uniform structure and a persistent manner;
2.4) model verification: the model is verified against the local snapshot, including comparing the service attributes, the data and the related information, to preliminarily verify the correctness of the model; if the verification result is correct, the following step is performed, and if it is incorrect, steps 2.2) to 2.4) are performed again;
2.5) service instantiation: the service model is loaded into the underlying data engine; as actual service data messages pass through the underlying engine, the service model is used to locate the service operations of interest, the required data is extracted from the actual service data messages according to the service data and attribute definitions in the model, and the data is finally packaged into an object; this object is a service instance.
In the above embodiment, the business model includes a business operation name, a user identifier, business operation data, and a process association rule.
In the above embodiment, as shown in FIG. 6, the service model is composed of a service flow with its attributes, a rule flow with its attributes, user operation characteristics with their attributes, and service operation data; this structure supports the rule flow and process simulation technique. The service instantiation object is an instantiated service object: the network data generated by a client's service operations is instantiated by the system. It can be a single business operation, a complex business process, or an integration of processes across multiple business systems. The service instantiation object comprises service attributes, user data, service data and an auditing result, and can support higher-level auditing applications at the upper layer.
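The pipeline described above (protocol stripping, model verification against a snapshot, service instantiation) can be sketched as follows; this is an added example, not code from the patent. The record layout, the field names, the two sample protocols and the "out-of-flow" audit rule are all assumptions made for illustration, and the traffic is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs

@dataclass
class AuditRecord:
    """Assumed 'standard audit data structure': one protocol-neutral message."""
    session: str
    operation: str   # protocol-neutral locator of the operation
    fields: dict     # named values carried by the message

def strip_http(raw, session):
    """Protocol stripping for an HTTP form post (simplified)."""
    head, _, body = raw.partition("\r\n\r\n")
    method, path, _version = head.split("\r\n")[0].split(" ", 2)
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    return AuditRecord(session, f"{method} {path}", fields)

_INSERT = re.compile(r"INSERT INTO (\w+) \(([^)]*)\) VALUES \(([^)]*)\)", re.I)

def strip_sql(stmt, session):
    """Protocol stripping for a simple SQL INSERT (no commas inside values)."""
    m = _INSERT.match(stmt.strip())
    if not m:
        raise ValueError("unsupported statement")
    table, cols, vals = m.groups()
    names = [c.strip() for c in cols.split(",")]
    values = [v.strip().strip("'") for v in vals.split(",")]
    return AuditRecord(session, f"INSERT {table}", dict(zip(names, values)))

@dataclass
class BusinessModel:
    """The four model parts named in the text; field names are assumptions."""
    name: str                      # business operation name
    locator: str                   # rule locating the operation (regex)
    user_field: str                # user identifier
    data_fields: tuple             # business operation data
    follows: Optional[str] = None  # process association rule (required predecessor)

    def extract(self, rec):
        """Return (user, data) when rec is this operation, else None."""
        if not re.fullmatch(self.locator, rec.operation):
            return None
        wanted = (self.user_field,) + tuple(self.data_fields)
        if any(name not in rec.fields for name in wanted):
            return None
        data = {name: rec.fields[name] for name in self.data_fields}
        return rec.fields[self.user_field], data

@dataclass
class ServiceInstance:
    attributes: dict   # service attributes
    user: str          # user data
    data: dict         # service data
    audit_result: str  # auditing result

def verify_model(model, snapshot, expected_user, expected_data):
    """Step 2.4: replay a stored snapshot and compare with what was recorded."""
    return model.extract(snapshot) == (expected_user, expected_data)

def instantiate(models, records):
    """Step 2.5: turn live records into instances, grouped per session (flow)."""
    flows = {}
    for rec in records:
        for model in models:
            hit = model.extract(rec)
            if hit is None:
                continue
            flow = flows.setdefault(rec.session, [])
            seen = {inst.attributes["operation"] for inst in flow}
            in_flow = model.follows is None or model.follows in seen
            flow.append(ServiceInstance(
                {"operation": model.name, "session": rec.session},
                hit[0], hit[1], "ok" if in_flow else "out-of-flow"))
            break
    return flows

# Hypothetical models for an order workflow: approval must follow submission.
SUBMIT = BusinessModel("submit_order", r"POST /order/submit", "user",
                       ("order_id", "amount"))
APPROVE = BusinessModel("approve_order", r"INSERT approvals", "approver",
                        ("order_id",), follows="submit_order")

# Constructed sample traffic: two protocols, two sessions.
SAMPLE = [
    strip_http("POST /order/submit HTTP/1.1\r\nHost: erp.example\r\n\r\n"
               "user=alice&order_id=1001&amount=250", "s1"),
    strip_sql("INSERT INTO approvals (approver, order_id) "
              "VALUES ('bob', '1001')", "s1"),
    strip_sql("INSERT INTO approvals (approver, order_id) "
              "VALUES ('carol', '2002')", "s2"),
]

def audit_sample():
    """Instantiate the sample; session s2 approves without a prior submit."""
    return instantiate([SUBMIT, APPROVE], SAMPLE)
```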
In summary, with the above technical solutions, the system and method for identifying service characteristics of data of the present invention can provide comprehensive technical support for the information security of enterprise service systems across different industries and different network protocols.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (8)

1. A data service characteristic identification system, characterized by comprising a protocol stripping module and a rule flow and process simulation module;
the protocol stripping module is used for stripping the network protocol from the service data through a standard audit data structure defined in the protocol stripping module;
the rule flow and process simulation module is used for splitting, based on the service data from which the network protocol has been stripped, the service data of different service flows into service nodes as basic units through service splitting and service combining, and then forming service clusters from the service nodes, wherein the service clusters form service flows.
2. The system for identifying the business features of the data according to claim 1, wherein the rule flow and process simulation module realizes the splitting and the combining of the business through a business snapshot analysis modeling module and a business instantiation module thereon, and the business snapshot analysis modeling module comprises a business snapshot module, a business analysis module, a model establishment module and a model verification module;
the service snapshot module is used for capturing the starting behavior and the ending behavior of the service operation action and storing the data message and the screenshot in the capturing process;
the business analysis module is used for identifying the data of the business operation based on the business snapshot, analyzing the position and the characteristics of the business data related to the business operation and converting the position and the characteristics into business rules;
the model building module is used for outputting the set of defined business rules and the attributes of the business itself as a model file, in a uniform structure and a persistent manner;
the model verification module is used for verifying the model against a local snapshot, including comparing service attributes, data and related information, to preliminarily verify the correctness of the model; if the verification result is correct, the instantiation operation of the service is carried out, and if it is incorrect, the analysis of the service, the establishment of the service model and the verification of the model are carried out again;
the service instantiation module is used for loading the service model into the underlying data engine, locating the service operations of interest by means of the service model as actual service data messages pass through the underlying engine, extracting the required data from the actual service data messages according to the service data and attribute definitions in the model, and finally packaging the data into an object.
3. The system of claim 2, wherein the business model comprises a business operation name, a user identifier, business operation data, and process association rules.
4. The system for business feature recognition of data of claim 2, wherein the business instantiation object structure comprises business attributes, user data, business data, and audit results.
5. A method for identifying service characteristics of data is characterized by comprising the following steps:
1) stripping a network protocol in service data by a defined standard audit data structure;
2) based on the service data with the network protocol stripped, the service data of different service flows are split into service nodes as basic units through service splitting and service combination, then the service nodes form a service cluster, and the service cluster forms a service stream.
6. The method for identifying data service features according to claim 5, wherein the step 2) comprises the following steps:
2.1) service snapshot: capturing the starting and ending behaviors of the business operation action, and storing the data message and the screenshot in the capturing process;
2.2) service analysis: based on the service snapshot, identifying the data of the service operation, analyzing the position and the characteristics of the service data related to the service operation, and converting the position and the characteristics into service rules;
2.3) establishing a model: the set of defined business rules and the attributes of the business itself is output as a model file, in a uniform structure and a persistent manner;
2.4) model verification: the model is verified against the local snapshot, including comparing the service attributes, the data and the related information, to preliminarily verify the correctness of the model; if the verification result is correct, the following step is performed, and if it is incorrect, steps 2.2) to 2.4) are performed again;
2.5) service instantiation: the service model is loaded into the underlying data engine; as actual service data messages pass through the underlying engine, the service model is used to locate the service operations of interest, the required data is extracted from the actual service data messages according to the service data and attribute definitions in the model, and the data is finally packaged into an object.
7. The method of claim 6, wherein the business model comprises a business operation name, a user identifier, business operation data, and a process association rule.
8. The method for identifying service characteristics of data according to claim 6, wherein the service instantiation object structure comprises service attributes, user data, service data and audit results.
CN201611062906.1A 2016-11-28 2016-11-28 Data service characteristic identification system and method Expired - Fee Related CN106790397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611062906.1A CN106790397B (en) 2016-11-28 2016-11-28 Data service characteristic identification system and method

Publications (2)

Publication Number Publication Date
CN106790397A CN106790397A (en) 2017-05-31
CN106790397B true CN106790397B (en) 2020-06-09

Family

ID=58901791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611062906.1A Expired - Fee Related CN106790397B (en) 2016-11-28 2016-11-28 Data service characteristic identification system and method

Country Status (1)

Country Link
CN (1) CN106790397B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107968709B (en) 2017-11-15 2020-01-03 财付通支付科技有限公司 Service data processing method, identity management method and service auditing method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938382A (en) * 2010-08-13 2011-01-05 杭州迪普科技有限公司 Detection method of auditing characteristics and user action auditing system
CN102244664A (en) * 2011-08-29 2011-11-16 浙江中烟工业有限责任公司 Multistage interconnection safety management centre subsystem of multistage safety interconnection platform
CN102984170A (en) * 2012-12-11 2013-03-20 清华大学 System and method for safe filtering of industrial control network
CN103139058A (en) * 2013-01-28 2013-06-05 公安部第一研究所 Internet of things security access gateway
CN103516565A (en) * 2012-06-20 2014-01-15 中兴通讯股份有限公司 Service data processing method and apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130191569A1 (en) * 2012-01-25 2013-07-25 Qualcomm Incorporated Multi-lane high-speed interfaces for high speed synchronous serial interface (hsi), and related systems and methods


Also Published As

Publication number Publication date
CN106790397A (en) 2017-05-31


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200609

Termination date: 20211128